Cloud security: the grand challengeIn addition to the usual challenges of developing secure IT systems, cloud computingpresents an added level of risk because essential services are often outsourced to a thirdparty. The externalized aspect of outsourcing makes it harder to maintain data integrity andprivacy, support data and service availability, and demonstrate compliance.In effect, cloud computing shifts much of the control over data and operations from the clientorganization to their cloud providers, much in the same way organizations entrust part of theirIT operations to outsourcing companies. Even basic tasks, such as applying patches andconfiguring firewalls, can become the responsibility of the cloud service provider, not the user.This means that clients must establish trust relationships with their providers and understandthe risk in terms of how these providers implement, deploy, and manage security on theirbehalf. This trust but verify relationship between cloud service providers and consumers iscritical because the cloud service consumer is still ultimately responsible for compliance andprotection of their critical data, even if that workload had moved to the cloud. In fact, someorganizations choose private or hybrid models over public clouds because of the risksassociated with outsourcing services.Other aspects about cloud computing also require a major reassessment of security and risk.Inside the cloud, it is difficult to physically locate where data is stored. Security processes thatwere once visible are now hidden behind layers of abstraction. This lack of visibility can createa number of security and compliance issues.In addition, the massive sharing of infrastructure with cloud computing creates a significantdifference between cloud security and security in more traditional IT environments. Usersspanning different corporations and trust levels often interact with the same set of computingresources. At the same time, workload balancing, changing service level agreements, andother aspects of today's dynamic IT environments create even more opportunities formisconfiguration, data compromise, and malicious conduct.Infrastructure sharing calls for a high degree of standardized and process automation, whichcan help improve security by eliminating the risk of operator error and oversight. However, therisks inherent with a massively shared infrastructure mean that cloud computing models muststill place a strong emphasis on isolation, identity, and compliance.Cloud computing is available in several service models (and hybrids of these models). Eachpresents different levels of responsibility for security management. Figure 1 on page 3 depictsthe different cloud computing models. READ MORE>